[stable34] Fix npm audit #2620

Open
nextcloud-command wants to merge 1 commit into stable34 from automated/noid/stable34-fix-npm-audit

@nextcloud-command
Contributor

Audit report

This audit fix resolves 1 of the total 18 vulnerabilities found in your project.

Updated dependencies

Fixed vulnerabilities

@nextcloud/cypress

  • Caused by vulnerable dependency:
  • Affected versions:
  • Package usage:
    • node_modules/@nextcloud/cypress

Full npm audit report

# npm audit report

elliptic  *
Elliptic Uses a Cryptographic Primitive with a Risky Implementation - https://github.com/advisories/GHSA-848j-6mx2-7j84
No fix available
node_modules/elliptic
  browserify-sign  >=2.4.0
  Depends on vulnerable versions of elliptic
  node_modules/browserify-sign
    crypto-browserify  >=3.4.0
    Depends on vulnerable versions of browserify-sign
    Depends on vulnerable versions of create-ecdh
    node_modules/crypto-browserify
      node-stdlib-browser  *
      Depends on vulnerable versions of crypto-browserify
      node_modules/node-stdlib-browser
        vite-plugin-node-polyfills  >=0.3.0
        Depends on vulnerable versions of node-stdlib-browser
        node_modules/vite-plugin-node-polyfills
          @nextcloud/vite-config  *
          Depends on vulnerable versions of vite-plugin-node-polyfills
          node_modules/@nextcloud/vite-config
  create-ecdh  *
  Depends on vulnerable versions of elliptic
  node_modules/create-ecdh

qs  6.11.1 - 6.15.1
Severity: moderate
qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set - https://github.com/advisories/GHSA-q8mj-m7cp-5q26
fix available via `npm audit fix`
node_modules/qs
  @cypress/request  *
  Depends on vulnerable versions of qs
  Depends on vulnerable versions of uuid
  node_modules/@cypress/request
    cypress  4.3.0 - 15.14.2
    Depends on vulnerable versions of @cypress/request
    node_modules/cypress
      @nextcloud/cypress  
      Depends on vulnerable versions of cypress
      node_modules/@nextcloud/cypress

uuid  <11.1.1
Severity: moderate
uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided - https://github.com/advisories/GHSA-w5hq-g745-h8pq
fix available via `npm audit fix`
node_modules/@nextcloud/cypress/node_modules/uuid
node_modules/uuid
  dockerode  4.0.3 - 4.0.12
  Depends on vulnerable versions of uuid
  node_modules/@nextcloud/cypress/node_modules/dockerode

13 vulnerabilities (7 low, 6 moderate)

To address issues that do not require attention, run:
  npm audit fix

Some issues need review, and may require choosing
a different dependency.

Node.js: v24.15.0 | npm: 11.15.0 | Branch: stable34

nextcloud-command added the "3. to review" and "dependencies" labels on May 24, 2026
codecov Bot commented May 24, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

cypress Bot commented May 24, 2026

Activity: Run #3833

Run properties: Failed #3833 • commit 3ba71e927a: [stable34] Fix npm audit

Project: Activity
Branch Review: automated/noid/stable34-fix-npm-audit
Run status: Failed #3833
Run duration: 02m 18s
Commit: 3ba71e927a: [stable34] Fix npm audit
Committer: Nextcloud Command Bot

Test results

Failures (tests that failed): 1
Flaky (tests that were flaky): 0
Pending (tests that did not run due to a developer annotating a test with .skip): 1
Skipped (tests that did not run due to a failure in a mocha hook): 0
Passing (tests that passed): 8

Tests for review

Failed: cypress/e2e/settings.cy.ts • 1 failed test • Run E2E

Failing test: Check that user's settings survive a reload > Form survive a reload
